Boot-Time Global Logger Session
You can create a Global Logger trace session that traces Windows kernel events during system boot. This method combines the features of the NT Kernel Logger trace session, which traces the kernel, with those of the Global Logger trace session, which traces events that take place during system boot.
The procedure described in this section creates a Global Logger trace session, and then adds a special registry entry, EnableKernelFlags. The presence of the EnableKernelFlags entry, with a valid value, converts the Global Logger trace session to an NT Kernel Logger trace session. The valid values for EnableKernelFlags are taken from the values of the EnableFlags member of the EVENT_TRACE_PROPERTIES structure. The procedure is described in How to Create a Boot-Time Global Logger Session.
Trace providers, including drivers, can log trace messages to this type of session. The procedure for doing so is described in Logging to the Global Logger Session.
This section includes:
Feedback
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see: https://aka.ms/ContentUserFeedback.
Submit and view feedback for